With every Internet service becoming more and more personalized on an ever growing number of Internet-connected devices, authenticating online users continues to create significant security challenges for practically every organization that offers online services. Traditionally, authentication methods have been categorized according to specific authentication factors such as “something you know” (e.g. passwords), “something you have” (e.g. a security token) and “something you are” (e.g. a fingerprint). Several multifactor authentication approaches exist that use combinations of those factors to deliver stronger authentication than any single factor alone.
Each traditional factor has advantages and drawbacks rooted in the conflicting needs for stronger security (i.e. make it difficult for unauthorized persons to crack) and ease of use (i.e. make the authentication experience as seamless as possible for authorized persons). Hence, the quest continues for solutions that not only provide strong security, but do so while delivering seamlessness and great convenience for its users.
Adding to the challenges of traditional solutions is that security measures are commonly architected around individual services operated by independent providers. As a result, Internet users struggle to deal with a confusing array of technology solutions that vary widely from one online service to the next. Because users' personal information is increasingly stored by practically every provider for a variety purposes, this patchwork approach to authentication perpetuates, and sometimes exacerbates, personal privacy and security issues. Providers with the weaker approach become the obvious targets for identity theft, making users' personal information vulnerable in spite of stronger measures that may be adopted by other providers.